
Cryptography

Breaking the Vigenère cipher

Needed for programming assignment

The Vigenère cipher

The key is a string of letters
To encrypt, shift each character in the plaintext by the amount dictated by the next character of the key
Wrap around in the key as needed
Decryption just reverses the process

tellhimaboutme
cafecafecafeca
veqpjiredozxoe

Variant Vigenère cipher

Easier to work with ASCII plaintext and hex ciphertext
Easier to implement
Easier to use (plaintext not limited to lowercase characters)
Easier to work with byte-wise XOR rather than modular addition

Variant Vigenère cipher

The key is a string of bytes
The plaintext is a string of ASCII characters
To encrypt, XOR each character in the plaintext with the next character of the key
Wrap around in the key as needed
Decryption just reverses the process

Example

Say plaintext is Hello! and key is 0xA1 2F
Hello! = 0x48 65 6C 6C 6F 21
XOR with 0xA1 2F A1 2F A1 2F
0x48 XOR 0xA1: 0100 1000 XOR 1010 0001 = 1110 1001 = 0xE9

Ciphertext: 0xE9 4A CD 43 CE 0E

Attacking the (variant) Vigenère cipher

Two steps:
Determine the key length
Determine each byte of the key

Known plaintext letter frequencies

[Bar chart: Percentage (y-axis) against Letter (x-axis), showing the frequency of each letter in English text, from about 0.1% for the rarest letters up to 12.7% for the most common one]

Determining the key length

Let $p_i$ (for $0 \le i \le 255$) be the frequency of byte $i$ in plaintext (assuming English text)
I.e., $p_i = 0$ for $i < 32$ or $i > 127$
E.g., $p_{97}$ = frequency of 'a'
The distribution is far from uniform

If the key length is N, then every Nth character of the plaintext is encrypted using the same shift
If we take every Nth character and calculate frequencies, we should get the $p_i$'s in permuted order
If we take every Mth character (M not a multiple of N) and calculate frequencies, we should get something close to uniform

Determining the key length

How to distinguish these two?
For some candidate distribution $q_0, \ldots, q_{255}$, compute $\sum_i q_i^2$
If close to uniform, $\sum_i q_i^2 \approx 256 \cdot (1/256)^2 = 1/256$
If a permutation of the $p_i$, then $\sum_i q_i^2 \approx \sum_i p_i^2$
Could compute $\sum_i p_i^2$ (but somewhat difficult)
Key point: it will be much larger than $1/256$

Try all possibilities for the key length, compute $\sum_i q_i^2$, and look for the maximum value

Determining the ith byte of the key

Assume the key length N is known
Look at every Nth character of the ciphertext, starting with the ith character
Call this the ith ciphertext stream
Note that all bytes in this stream were generated by XORing plaintext with the same byte of the key

Try decrypting the stream using every possible byte value B
Get a candidate plaintext stream for each value

Determining the ith byte of the key

When the guess B is correct:
All bytes in the plaintext stream will be between 32 and 127
Frequencies of lowercase letters (as a fraction of all lowercase letters) should be close to known English-letter frequencies
Tabulate $q_a, \ldots, q_z$
Should find $\sum_i q_i p_i \approx \sum_i p_i^2 \approx 0.065$
In practice, take B that maximizes $\sum_i q_i p_i$, subject to the caveat above (and possibly others)
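Both steps of the attack worked through in Python, as an added example that is not part of the lecture slides: a byte-wise XOR Vigenère, the $\sum_i q_i^2$ test for the key length (computed in its unbiased count-based form, with the smallest plausible divisor chosen because multiples of the true length score equally well), and the $\sum_i q_i p_i$ score for each key byte. The letter-frequency table is an assumed set of textbook values, and the sample plaintext and key are constructed for the demonstration.

```python
from collections import Counter

# Approximate English letter frequencies (assumed textbook values, not read off the chart).
ENGLISH_FREQ = dict(zip("abcdefghijklmnopqrstuvwxyz", [
    .082, .015, .028, .043, .127, .022, .020, .061, .070, .002, .008, .040, .024,
    .067, .075, .019, .001, .060, .063, .091, .028, .010, .024, .002, .020, .001]))

def xor_vigenere(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt: XOR each byte with the next key byte, wrapping around."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def index_of_coincidence(stream: bytes) -> float:
    """Unbiased estimate of sum_i q_i^2 (a plain sum of squared frequencies is biased upward)."""
    n = len(stream)
    return sum(c * (c - 1) for c in Counter(stream).values()) / (n * (n - 1))

def guess_key_length(ct: bytes, max_len: int) -> int:
    """Average the statistic over the N streams of each candidate N. Multiples of the
    true length score just as well, so descend to the smallest divisor near the maximum."""
    ic = {n: sum(index_of_coincidence(ct[i::n]) for i in range(n)) / n
          for n in range(1, max_len + 1)}
    best = max(ic, key=ic.get)
    return min(d for d in ic if best % d == 0 and ic[d] >= 0.7 * ic[best])

def english_score(candidate: bytes) -> float:
    """sum_i q_i p_i; -1 if any byte is not printable ASCII. q_i is taken over all bytes
    (not letters only) so a guess that turns letters into symbols is penalised too."""
    if any(b < 32 or b > 127 for b in candidate):
        return -1.0
    q = Counter(chr(b) for b in candidate if 97 <= b <= 122)
    return sum(q[c] * ENGLISH_FREQ[c] for c in q) / len(candidate)

def recover_key(ct: bytes, max_len: int = 12) -> bytes:
    """Step 1: the key length N. Step 2: for each of the N ciphertext streams, the
    byte B whose decryption of that stream looks most like English."""
    n = guess_key_length(ct, max_len)
    return bytes(max(range(256), key=lambda b: english_score(
        xor_vigenere(ct[i::n], bytes([b])))) for i in range(n))

# Constructed sample plaintext (not from the slides): lowercase letters, spaces, punctuation.
SAMPLE = (
    b"the attack works because english text is far from uniform. a handful of letters, above "
    b"all e, t, a and o, together with the space character, make up most of any ordinary "
    b"passage, while letters such as q, x and z hardly ever appear. when the same key byte is "
    b"applied to every nth character of such text, the skew of the plaintext survives in the "
    b"ciphertext and the statistic from the lecture picks it out. with too little ciphertext "
    b"the estimates turn noisy, and a longer key length, or a wrong byte that still decrypts "
    b"to printable characters, can win. more data makes the choice clear, so use plenty of it."
)
KEY = b"\xa1\x2f\xd4\x63"  # constructed key; recover_key(xor_vigenere(SAMPLE, KEY)) == KEY
```

On the slide's Hello! example the same `xor_vigenere` reproduces the ciphertext 0xE9 4A CD 43 CE 0E, and on a few hundred bytes of English the two statistics recover the full constructed key.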

Attack time?

Say the key length is between 1 and L
Determining the key length: $256 \cdot L$
Determining all bytes of the key: $256^2 \cdot L$
Brute-force key search: $256^L$

The attack in practice

Attacks get more reliable as the ciphertext length grows larger
Attacks still work for short(er) ciphertexts, but more tweaking and manual involvement is needed
You should expect to have to do this for the HW!

Programming assignment
Use discussion boards for help
Good luck!
